United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
I nilid Stall-, l'atint and Track-mark Office 

Address: COMMISSIONER FOR PATENTS 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



10/655.372 



09/05/2003 



22428 7590 11/09/2010 

FOLEY AND LARDNER LLP 
SUITE 500 
3000 K STREET NW 
WASHINGTON, DC 20007 



Masanao Sakai 



PAN, JOSEPH T 



PAPER NUMBER 



DELIVERY MODE 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 



Advisory Action 
Before the Filing of sn Appesl Brief 


Application No. 

10/655,372 


Applicant(s) 

SAKAI, MASANAO 


Examiner 

JOSEPH PAN 


Art Unit 

2492 





-The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 



THE REPLY FILED 22 October 2010 FAILS TO PLACE THIS APPLICATION IN CONDITION FOR ALLOWANCE. 

1 . £3 The reply was filed after a final rejection, but prior to or on the same day as filing a Notice of Appeal. To avoid abandonment of this 

application, applicant must timely file one of the following replies: (1 ) an amendment, affidavit, or other evidence, which places the 
application in condition for allowance; (2) a Notice of Appeal (with appeal fee) in compliance with 37 CFR 41 .31 ; or (3) a Request 
for Continued Examination (RCE) in compliance with 37 CFR 1.114. The reply must be filed within one of the following time 
periods: 

a) K| The period for reply expires 6_months from the mailing date of the final rejection. 

b) CD The period for reply expires on: (1) the mailing date of this Advisory Action, or (2) the date set forth in the final rejection, whichever is later. In 

no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of the final rejection. 

Examiner Note: If box 1 is checked, check either box (a) or (b). ONLY CHECK BOX (b) WHEN THE FIRST REPLY WAS FILED WITHIN TWO 

MONTHS OF THE FINAL REJECTION. See MPEP 706.07(f). 
Extensions of time may be obtained under 37 CFR 1 .136(a). The date on which the petition under 37 CFR 1.136(a) and the appropriate extension fee 
have been filed is the date for purposes of determining the period of extension and the corresponding amount of the fee. The appropriate extension fee 
under 37 CFR 1.17(a) is calculated from: (1) the expiration date of the shortened statutory period for reply originally set in the final Office action; or (2) as 
set forth in (b) above, if checked. Any reply received by the Office later than three months after the mailing date of the final rejection, even if timely filed, 
may reduce any earned patent term adjustment. See 37 CFR 1 .704(b). 
NOTICE OF APPEAL 

2. ^The Notice of Appeal was filed on 22 October 2010 . A brief in compliance with 37 CFR 41.37 must be filed within two months of 

the date of filing the Notice of Appeal (37 CFR 41 .37(a)), or any extension thereof (37 CFR 41 .37(e)), to avoid dismissal of the 
appeal. Since a Notice of Appeal has been filed, any reply must be filed within the time period set forth in 37 CFR 41 .37(a). 
AMENDMENTS 

3. ^ The proposed amendment(s) filed after a final rejection, but prior to the date of filing a brief, will not be entered because 

(a) ^ They raise new issues that would require further consideration and/or search (see NOTE below); 

(b) d They raise the issue of new matter (see NOTE below); 

(c) They are not deemed to place the application in better form for appeal by materially reducing or simplifying the issues for 
appeal; and/or 

(d) Q They present additional claims without canceling a corresponding number of finally rejected claims. 

NOTE: See Continuation Sheet . (See 37 CFR 1.116 and 41.33(a)). 

4. □ The amendments are not in compliance with 37 CFR 1.121. See attached Notice of Non-Compliant Amendment (PTOL-324). 

5. n Applicant's reply has overcome the following rejection(s): . 

6. □ Newly proposed or amended claim(s) would be allowable if submitted in a separate, timely filed amendment canceling the 

non-allowable claim(s). 

7. £3 For purposes of appeal, the proposed amendment(s): a) ^ will not be entered, or b) □ will be entered and an explanation of 

how the new or amended claims would be rejected is provided below or appended. 
The status of the claim(s) is (or will be) as follows: 

Claim(s) allowed: . 

Claim(s) objected to: . 

Claim(s) rejected: 1.3-8. 10-13. 15.17. 18.20.21.23-26.28-30 and 32-36 . 

Claim(s) withdrawn from consideration: . 

AFFIDAVIT OR OTHER EVIDENCE 

8. □ The affidavit or other evidence filed after a final action, but before or on the date of filing a Notice of Appeal will not be entered 

because applicant failed to provide a showing of good and sufficient reasons why the affidavit or other evidence is necessary and 
was not earlier presented. See 37 CFR 1.116(e). 

9. □ The affidavit or other evidence filed after the date of filing a Notice of Appeal, but prior to the date of filing a brief, will not be 

entered because the affidavit or other evidence failed to overcome all rejections under appeal and/or appellant fails to provide a 
showing a good and sufficient reasons why it is necessary and was not earlier presented. See 37 CFR 41 .33(d)(1 ). 

1 0. □ The affidavit or other evidence is entered. An explanation of the status of the claims after entry is below or attached. 
REQUEST FOR RECONSIDERATION/OTHER 

11. The request for reconsideration has been considered but does NOT place the application in condition for allowance because: 
See Continuation Sheet. 

12. □ Note the attached Information Disclosure Statements). (PTO/SB/08) Paper No(s). 

13. □ Other: . 

/JOSEPH THOMAS/ /Joseph Pan/ 

Supervisory Patent Examiner, Art Unit 2492 Examiner, Art Unit 2492 
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Continuation of 3. NOTE: They raise new issue that would require further consideration and/or new search. For example, "Applicant has: 
amended independent claim 1 to include the features of canceled claims 5, 6 and 20." (see page 1 , of Remarks). However, the dependent 
claim 20 was dependent on independent claim 15. Therefore, the feature recited in claim 20 (wherein the IPsec processing apparatus 
retransmits the request for communication to the IPsec setting apparatus and receives new setting information before a term of validity for 
the SA expires ) is new to independent claim 1 and its dependent claims. Similarly, the amended independent claim 8 now contains the 
feature of claim 20, which is new to independent claim 8 and its dependent claims. 



Continuation of 11. does NOT place the application in condition for allowance because: 

(a) Applicant argues: "In contrast, in the present invention as claimed, the IKE is not used for acquisition of the common encryption key. 
Rather, the IPsec setting apparatus "generates SA (Security Association) parameters, to be used in the IPsec communication between the 
first and the second IPsec processing apparatuses," without the use of the IKE, to supply IPsec processing apparatuses with the SA 
parameter. As a result, it is not necessary to perform an arithmetic operation of Diffie-Helman as used in IKE. See published application at 
[00040]." (see page 11, 2 nd paragraph) 
Examiner maintains: 

The primary reference Arrow discloses "In state 1310, the system manager defines VPN parameters for authentication, encryption, and 
compression functions to be associated with a newly created VPN." (see col. 15, lines 52-54, of Arrow). Therefore, Arrow discloses that the 
system manager of the VPN management station defines the VPN parameter for encryption, such as an encrpytion key. 
Arrow discloses "Among its other functions, RSA module 722 supports management of encryption keys and loading of configuration 
information into VPN unit 115 from VPN management station 160 (from FIG. 1). To this end, RSA module 722 communicates with key 
management module 738, which itself communicates with VPN processor 718. Key management module 738 sets up keys for encryption 
and authentication functions." (see col. 1 1 , lines 27-34, of Arrow). Therefore, Arrow discloses that the VPN unit (IP processing apparatus) 
receives and uses the encrypion key from the VPN management station (IP setting apparatus). 

Arrow discloses that the VPN unig (IP processing apparatus) receives and uses encryption key from VPN management station (IP setting 
apparatus). However, Arrow does not specifically mention that the encryption key is a common key. 

On the other hand, Sullenberger discloses the common key in "Currently IPsec VPN networks are established using point-to-point links 
among routers or switches that participate in the VPNs. This is a natural way to set up encrypted networks since encryption involves 
establishing a shared secret between the two endpoints so that each end can decrypt what the other end has encrypted. The most efficient 
way to manage larger and larger collections of these point-to-point links is to arrange them into hub-and-spoke networks." (see col. 2, lines 
24-29, of Sullenberger). Therefore, Sullenberger discloses using a shared secret (common key) for IPsec VPN networks. 
Thus, the combination of Arrow and Sullenberger disclose generating SA (Security Association) parameters such as a common encryption 
key, to be used in the IPsec communication between the first and the second IPsec processing apparatuses( without the use of the IKE ), 
such as claimed. 



(b) Applicant argues: 

"Further, as recited in amended claim 1 , "the IPsec processing apparatus retransmits the request for communication to the IPsec setting 
apparatus and receives new setting information before a term of validity for the SA expires."" (see page 1 1 , 2 nd paragraph) 
Examiner maintains: 

Arrow discloses "In an embodiment of the present invention, pointer memory 410 also stores some of the contents of configuration data 602 
(shown in FIG. 6) of storage memory 408. Illustratively, when VPN unit 115 is configured or reconfigured by VPN management station 160, 
portions of configuration data 602 essential to the continued operation of VPN unit 115 (e.g., the IP address of VPN unit 115, default route 
for communicating with the VPN management station) are copied into pointer memory 410. Doing so helps ensure the continued operation 
of VPN unit 115 during the configuration or reconfiguration process." (see col. 10, lines 41-57, of Arrow). Therefore, Arrow discloses that 
the VPN unit (IP procesing apparatus) receives new setting information, such as the encryption parameter (key), from the VPN 
management station (IP setting apparatus). However, Arrow does not explicitly discloses a term of validity for the SA (Security Association, 
such as a common encryption key) to expire. 

On the other hand, Sullenberger discloses "For example, an IPsec policy may comprise values indicating that the encryption methodology 
is DES, IPsec transport mode is used, specific key lifetime values [i.e., specify the lifetime of a key], etc. These values are typically 
established in a static configuration step as part of a router configuration." (see column 7, lines 44-47, of Sullenberger). Therefore, 
Sullenberger discloses specifying a term of validity for the SA, such as a common encryption key, to expire. 

Arrow discloses that the VPN management station (IP setting apparatus) issues a request to a VPN unit (IP processing apparatus) for 
configuration (see column 12, lines 22-25 "configuration module 710 of operating system 116 manages the configuration of VPN unit 1 15 in 
response to configuration requests or commands from VPN management station 160.', of Arrow). However, Arrow does not specifically 
mention that a VPN unit (IP processing apparatus) makes a request to the VPN management station (IP setting apparatus). 
On the other hand, Sullenberger discloses "Further, the input may be transmitted and received in response to a spoke router sending a 
resolution request message to the hub router acting as next-hop server (NHS), in the form of a resolution reply message. " (see column 7, 
line 63, to column 8, line 1 , of Sullenberger). Therefore, Sullenberger discloses that the IPsec processing apparatusmakes a request to the 
IPsec setting apparatus for communication to the IPsec setting apparatus. 

Thus, the combination of Arrow and Sullenberger disclose "the IPsec processing apparatus retransmits the request for communication to 
the IPsec setting apparatus and receives new setting information before a term of validity for the SA expires.", such as claimed. 
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